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Abstract: 

A system and method for selectively controlling database access by providing 
a system and method that allows a network administrator or manager to restrict 
specific system users from accessing information from certain public or otherwise 
uncontrolled databases (i.e.. the WWW and the Internet). The invention employs 
a relational database to determine access rights, and this database may be 
readily updated and modified by an administrator. Within this relational database 
specific resource identifiers (i.e., URLs) are classified as being in a particular 
access group. The relational database is arranged so that for each user of the 
system a request for a particular resource will only be passed on from the local 
network to a server providing a link to the public/uncontrolled database if the 
resource identifier is in an access group for which the user has been assigned 
specific permissions by an administrator. In one preferred embodiment, the 
invention is implemented as part of a proxy server within the user's local network. 
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(54) System and method for datat>ase access administration 



(57) A system and method for selectively controlling 
database access by providing a system and method 
that allows a network administrator or manager to 
restrict specific system users from accessing informa- 
tion from certain public or otherwise uncontrolled data- 
bases (i.e., the WWW and the Internet). The invention 
employs a relational database to determine access 
rights, and this database may be readily updated and 
modified by an administrator. Wrthin this relational data- 
base specific resource identifiers (i.e., URLs) are classi- 
fied as being in a particular access group. The relational 



database is arranged so that for each user of the sys- 
tem a request for a particular resource will only be 
passed on from the local network to a server providing 
a link to the public^uncontrolled database if the resource 
identifier is in an access group for which the user has 
been assigned specific permissions by an administrator. 
In one preferred emt)odiment. the invention is imple- 
mented as part of a proxy server wrthin the user's local 
network. 
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Description 
Technical Reld 

The invention relates to controlling datalDase 
access and, more particularly, to selectively providing 
such control with respect to otherwise public databases. 

Background Of The Invention 

Files or other resources on computers around the 
world may be made publicly available to users of other 
computers through the collection of networks known as 
the Internet. The collection of all such publicly available 
resources, linked together using files written in Hyper- 
text Mark-up Language ("HTML") is known as the World 
Wide Web ("WWW). 

A user of a computer that is connected to the Inter- 
net may cause a program known as a client to request 
resources that are part of the WWW. Server programs 
then process the requests to return the specified 
resources (assuming they are currently available). A 
standard naming convention has has been adopted, 
known as a Uniform Resource Locator ("URL"). This 
convention encompasses several types of location 
names, presently including subclasses such as Hyper- 
text Transport Protocol ("http"). File Transport Protocol 
("ftp"), gopher, and Wide Area Information Service 
("WAIS"). When a resource is downloaded, it may 
include the URLs of additional resources. Thus, the 
user of the client can easily learn of the existence of 
new resources that he or she had not specifically 
requested. 

The various resources accessible via the WWW are 
created and maintained by many different people on 
computers around the workj, with no centralized control 
of content. As particular types of infornr^tion or images 
contained in this uncontrolled information collection 
may not be suitable for certain users, it may be desirable 
to selectively restrict access to WWW resources. For 
example, parents or school teachers might wish to have 
children access useful information, but not obscene 
material (which the children may be exposed to as a 
result of innocent exploration of the WWW, or through 
the incidental downloading of a URL). Another example 
is the case of school teachers who would like their stu- 
dents to access just a particular group of resources dur- 
ing a class meeting. A third example is businesses that 
woukjl like their employees to access only work-related 
resources, but not to spend their time on other WWW 
explorations. In general, a particular user might need to 
be restricted to different resources at different times, as 
in the case of a student restricted to different sets of 
resources during classes on different subjects. 

Some authorities such as schools ask the usas to 
abide by a policy statement by which they agree to 
restrict their exploration of the WWW, for example, by 
agreeing not to download obscene material. However, 
voluntary compliance with such a policy will not prevent 



the accidental downloading of resources that are not 
readily identifiable as forbidden or inappropriate prior to 
downloading and viewing. 

Naturally, technical solutions such as 'Yirewalls" are 

5 also available to limit or impede access to the WWW 
and Internet. These firewalls are software-based gate- 
ways that are commonly installed to protect conrputers 
on a local area network ("LAN") from being attacked by 
outsiders. One effect of installing a firewall is that WWW 

10 clients can no longer directly contact WWW servers. 
Typically, this proves too restrictive, and users resort to 
"proxy servers" that are directly contacted by WWW cli- 
ents. These proxy servers have special abilities to for- 
ward requests through the firewall, and thereby provide 

75 communication to arxl from servers on the Internet. For 
efficiency, a proxy server may also cache some 
resources locally. Current clients and proxy servers 
yield access to every public resource in the WWW - 
They are not configured to allow a particular user to 

20 request some resources, while preventing access by 
that user to other resources. 

Some filtering" of the available WWW resources 
may be effected within systems that offer indirect 
access. In these systems an information provider would 

25 download resources from the WWW and maintain cop- 
ies of the resources. Users would access these copies. 
The information provider can review the resources as 
they are obtained from the WWW, and edit out any inap- 
propriate or obscene material prior to making the 

30 resource available to users. A disadvantage of this 
scheme is that the material provided by the information 
provider may be out-of-date compared to the original 
resource on the WWW. 

In an alternate scheme of "filtered" access to WWW 

35 resources, a proxy server provides a user with a menu 
of allowed resources that may be accessed, and users 
can obtain any resources that can be reached by a 
series of links from the menu resources. The user is 
only permitted to request URLs via this menu. This par- 

40 ticular method has two disadvantages. First, many 
resources must be excluded from the menu because 
they contain links to inappropriate material, even though 
they themselves might be acceptable. Second, a 
resource may change over time to include new links that 

45 might lead to inappropriate material, and thereby pro- 
vide a user with an unintended pathway of access to 
such. 

In still another method of filtered" access to WWW 
resources, the client or proxy sen/er checks each 

so resource for a list of disallowed words (i.e.; obscenities; 
sexual terms, etc.) and shows the user only those 
resources that are free of these words. However, this 
method does not permit filtering of images and does not 
prohibit resources that might be inappropriate due to 

55 content other than specific words. 

Yet another means of protecting users from inap- 
propriate or obscene materials has been established by 
the computer and video game manufacturers. The 
games are voluntarily rated on the dimensions of vio- 
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lence, nudity/sex, and language. Although such conven- 
tions have not yet been adopted in the WWW, the 
analog would be to add such ratings to WWW 
resources, presumably with digital signatures to prevent 
forgery, A WWW dient could then, if so programmed, 
choose not to save or display any resource that is 
unrated or has an unacceptable rating for the given 
audience. The disadvantage of this scheme is the need 
to convince the many people who provide useful serv- 
ers (often on a non-professionat or pro tx}no basis) to 
coordinate with a rating panel . 

All of the present systems for limiting user access to 
an uncontrolled public database resources, such as 
those available on the WWW, have obvious shortcom- 
ings. Presently, there exists no simple means for an 
authority (i.e.; teacher, supervisor, system administra- 
tor, etc.) to selectively control WWW access by one or 
more users, without significantly impairing the users' 
ability to communicate with the Internet. This is espe- 
cially true if the particular authority wishing to exert such 
control has few computer skills with respect to the man- 
agement of information/services networks. 

The present invention overcomes the d^iciencles 
of prior schemes for regulating network database 
access by providing a system and method that allows 
one or more network administrators/managers to rate 
particular information and/or services. This rating is 
then enployed to restrict specific system users from 
accessing the information/services via certain public or 
otherwise uncontrolled databases (i.e.. the WWW and 
the Internet). The invention employs a relational data- 
base to determine access rights, and store rating infor- 
mation. The rating information database may be readily 
updated and rrxxiified by an administrator/manager. 
Within this relational database specific resource identifi- 
ers (i.e.. URLs) are classified as being associated with 
a particular access rating. The relational database is 
arranged so that for each user of the system a request 
for a particular resource will only be passed on from the 
local network to a server providing a link to the pub- 
lic/uncontrolled datat>ase if the resource identifier has 
an access rating for which the user has been assigned 
specific permissions by an administrator/manager. In 
one preferred embodiment, the invention is imple- 
mented as part of a proxy server within the user's local 
network. In another embodiment, the system maintains 
a ratings resource file associated with each specific 
resource identifier, wherein comments, conditions, etc. 
relating the particular resource are stored. 

BrlQf D^^crlptlgn Qf Thg Drgwlng 

In the drawing: 

FIG. 1 is a simplified diagram of an exemplary sys- 
tem embodying the invention; 



FIG. 2 is a simplified diagram of an alternate 
arrangement of the system of FIG. 1 adapted to 
facilitate the classification of URLs into rating 
groups; 

5 FIG. 3 is a simplified diagram of an alternate 

arrangement of the system of FIG. 1 including sys- 
tem management adaptations; 
FIG. 4 is an illustration of ratings information 
returned to a system manager upon retrieval of a 

10 particular network resource; 

FIG. 5 is an illustration of resource categorization 
information provided to a network manager; and 
FIG. 6 is an illustration of a ratings editing page 
accessible by a network manager. 

IS 

Petalletf Pescription Qf The Invention 

FIG. 1 is a sinptif led diagram of an exennplary sys- 
tem embodying the invention. 

20 As shown in FIG. 1 . the system indiKles public net- 
work 100, network resources 101-105, and user site 
106. Particular users at user site 106 gain access to 
public network 100 via user terminals 107, 108 and 109. 
Each of these user terminals is linked by local area net- 

25 work ("LAN") 1 10 to processor 111 within proxy server 
112. Finally, proxy server 112 provides a connection 
from processor 111 to public network 100 via firewall 
113. 

Requests from user terminals 107-109 for access 

30 to network resources (101-105) through public network 
100 are submitted to processor 1 1 1 within proxy server 
112. In this particular embodiment of the invention, the 
submitted requests are assumed to be in the form of 
URLs. As is well known in art, when URLs are submitted 

35 to a proxy server, the particular requesting user terminal 
Is identified to the proxy server by a Identification 
header attached to the URL For the system shown in 
FIG. 1, the identification code for user terminal 107 is 
10^07* identification code for user terminal 108 is 

40 ID^oS' and the identification code for user terminal 109 
is lDio9- In addition, within the system of FIG. 1, URLs 
designated as URL^qi, URL^o2> URL^os. URL104 and 
URL^os. represent requests for information from net- 
work resources 101. 102. 103, 104 and 105, respec- 

45 tively. 

Upon receipt of an incoming URL, processor 11 1 is 
programmed to determine the identity of the requesting 
user terminal from the URL header. This identification 
information is then utilized by processor 1 1 1 to cross- 

50 reference the received URL with information stored in 
relational database 114. Relational database 114 con- 
tains listing 1 1 5 which assodates each of the user iden- 
tification codes (1D^07> 1^108 ^^xl ID109) with a user 
dearance code (user clearancoioy, user cleararKeio8 

55 and user clearance^ 09 • respectively). These user clear- 
ances indicate the particular rating class or classes of 
network resources that a given user terminal is allowed 
to access (i.e.; unlimited access; restricted use of URLs 
identified as accessing violent subject matter; restricted 



3 



5 



EP0 748 095 A2 



6 



use of URLs that are identified as accessing obscene 
subject matter; etc). Also contained in relational data- 
base 114 is listing 116 which includes a register of 
allowable URLs (URL^oi-ios) that may be transmitted 
from a user terminal to access network resources. List- 5 
ing 116 associates each of these URLs with a particular 
resource rating data (resource ratingioMos)- The 
resource rating associated with each of said URLs can 
be something as simple a a rating dass indicator. For 
example, an indication that a particular U RL is approved 70 
for use by all users, or that use of a particular URL is 
restricted for some reason (i.e.; the URL accesses net- 
work resources that contain violent or obscene subject 
matter). 

For example, assume that a system administrator is 
or manager had subjectively categorized the network 
resources of FIG. 1 into three classes (non-violent - NV, 
moderately violent - MV. and violent - V) as follows: net- 
work resource 101 - NV, network resource 102 - NV, 
network resource 1 03 - NV, network resource 1 04 - MV, so 
and network resource 105 - V). The URUresource rat- 
ing listing 1 16 would then contain the following data: 



URL 


Resource 
Rating 


URL,oi 


NV 


URLioa 


NV 


URL103 


NV 


URL104 


MV 


URL105 


V 



30 



Further assume that user terminal 107 should be 
allowed access to all network resources (NV, MV and 
V); that user terminal 108 should only be allowed to 
access NV and MV rated resources; and that user ter- 
minal 109 should be allowed to access only NV 40 
resources. Infornr^tion reflective of these user terminal 
clearances would be stored within listing in 115 as fol- 
lows: 



User 
kJentification 


User 
Clearance 


IDi07 


NV, MV. V 


ID108 


NV, MV 


ID109 


NV 



Within the system of FIG. 1 . when a requesting user ss 
terminal transmits a URL via LAN 110, processor 111 
receives the URL and the requesting user terminal iden- 
tification code. Processor 1 1 1 then queries listing 1 1 5 to 
determine the allowable resource ratings for the partic- 



ular requesting user terminal, and listing 116 to deter^ 
mine the resource rating of the network resource that 
will be accessed by the particular received URL. If a 
URL requesting network resource 101 was received by 
processor 1 1 1 from user terminal 1 07, list 1 1 5 and 116 
witiiin relational database 114 would yield information 
indicating that user terminal 107 was cleared to access 
NV, MV and V rated network resources, and that 
URL101 had a rating of NV As the rating of the 
requested resource was one of the ratings for which the 
requesting user terminal had clearance, processor 111 
would forward the request for information (URL^qi) to 
public network 100 via firewall 113. Assuming tiie 
requested resource was available, public network 
returns the requested information to user ternrvnal 107 
via firewall 113, processor 111 and LAN 110. Contrast- 
ingly, if a URL having a rating that the requesting user 
terminal is not cleared for is received by processor 111. 
that request for irtfornnation is denied. For instance, if 
URLi05 is received by processor 111 from user terminal 
109, relational database 114 is accessed. Since tiie 
data within listings 115 and 116 show that URL^qs has 
a rating of V. and tiiat user terminal 109 is cleared to 
access only NV rated network resources, processor 1 1 1 
denies the request for information, and no URL is sent 
to public network 100. Processor 1 1 1 could also be pro- 
grammed to deny all requests from user terminals for 
un-rated resources. This would prohibit the accessing of 
network resources that had not been reviewed or rated 
by the system administrator/manager. It wilt also be 
understood from tiie above description of the invention 
that images contained within a given resource (i e.. In- 
line images) are subject to tiie same rating given to tiie 
resource. There would be no need to rate the in-line 
images separately 

In the particular embodiment described above, rela- 
tional database 1 14 stores a list of user terminal identi- 
fication codes and tiie various user clearances 
reflective of the ratings of network resources that each 
user terminal should be allowed to retrieve from public 
network 100. K will be understood that the invention 
could be modified so that the list of user clearances 
associated with a given user terminal identification code 
serves a a restrictive list (i.e.; that user is not allowed to 
retrieve network resources having that rating). This 
restrictive listing functionality could be readily facilitated 
by reprogramming processor 1 1 1 . In addition, the inven- 
tion could be modified so that the kientification codes 
recognized by processor 111 and stored in relational 
database 114 are user specific, as opposed to user ter- 
minal specific. In otiier words, the system of FIG. 1 
could be modified so that a given individual using a ter- 
minal is identified to tiie system by a personal password 
or other identifying code. Access or denial of the trans- 
mission of particular URLs is effected by the system as 
a function of that person's identity, regardless of the par- 
ticular user terminal they may be utilizing. 

The above described system may also be modified 
so that URLs are identified as being in a rating category 
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within the memory structure of a relational database. 
FIG. 2 provides a simplified diagram of a system similar 
to that of FIG. 1 . but adapted to fadlttate the classifica- 
tion of URLs into rating groups. As shown, relational 
database 200 irKludes user identification code listing 5 
201 and URL listing 202. Listing 201 designates user 
identification codes ID^q? and ID^qs ^ being in the user 
clearance A category, and ID^os being in tiie user 
clearance B category. Upon receipt of an incoming 
URL, processor 111 ascertains tiie identity of the 70 
requesting user terminal from the URL header, and then 
utilizes tills identification information to determine the 
clearance category specified for that particular user 
witiiln listing 201 . The particular URL received by proc- 
essor 111 Is then cross-referenced witii listing 202 to is 
determine the associated resource rating category. If 
the requesting user has a clearance that corresponds to 
resource rating associated with the requested URL, 
processor 1 1 1 fonvards tiie URL to public network 100 
via firewall 113. Public network 100 returns the 20 
requested information to the identified user via firewall 
113, processor 111 and LAN 110. Contrastingly, if a 
URL is included in a resource rating category for which 
the requesting user is not cleared, processor 111 
denies the request for information. 2s 

in addition, the URL rating data within the above 
described systems can include a text listing of the 
rationale upon which a given rating Is based, or addi- 
tional information that facilitates more complex condi- 
tional rating schemes. As a illustration of a conditional 30 
rating for a URL assume that a the resource rating asso- 
ciated with a particular URL has been rated V for vio- 
lent, and that all the terminals within a given school 
have clearances of NV (no violence). Therefore. In gen- 
eral, none of tiie school terminals would be granted use 35 
of the V rated URL. However, situations could arise that 
require exception to this general rule. For example, a 
certain terminal associated with a history class could 
need to access a particular resource that contained vio- 
lent, but relevant information on an historic military bat- 4o 
tie. To facilitate access to such resources, the relational 
database rating information for the military battie 
resource would be augmented to reflect the conditional 
rating of "NV for user terminals located in history class- 
rooms; V for all other terminals". With this conditional 45 
system, history class terminals would be restricted from 
all other "violent" rated URLs, but still be capable of 
accessing historically significant, yet violent, network 
resources. Conditional access could also be granted to 
terminals or users a function of time (i.e.; access limited so 
to certain times of day for certain user or user termi- 
nals). 

As stated above, the relational databases within the 
systems of FIG. 1 and FIG. 2 contain listings of 
user/user terminal identification codes and URLs, ss 
These listings are subjectively categorized or rated to 
facilitate the selective access of otherwise public net- 
work resources. This categorization/rating was 
assumed to be have been performed by a system man- 



ager, and is effected by modifying the contents of tiie 
relational database utilized in practicing the invention 
Within the system shown in FIG. 3, processor 1 1 1 can 
be programmed to allow resource categorization infor- 
mation (listing 300) and/or user/user terminal clearance 
Information (listing 301) witiiin relational database 302 
to be modified only by a specific dedicated manage- 
ment terminal 303. Restricting ability to "write" new 
information into relational database 302 to management 
terminal 303 minimizes opportunities for datat>ase tam- 
pering. Alternately the system can also be configured to 
permit database modification to be performed from any 
one of user terminals 107, 108 or 109. To protect 
against corruption of the contents of relational database 
302, authorization for altering the contents of relational 
database 302 from a user terminal is controlled via use 
of a manager identifier. For example, if a system man- 
ager wished to modify relational database 302 from 
user terminal 108, he or she wouM enter a password 
identifying themselves as an authorized system man- 
ager. The password is received by processor 1 1 1 and 
compared with the contents of manager ID memory list- 
ing 304. If the received manager ID password conre- 
spends to one stored in listing 304, tiien user terminal 
108 Is identified a a manager terminal (as indicated by 
ID108 being stored within listing 304). Modifications to 
tiie contents of relational database 302 may then be 
effected from that user terminal. When all modifications 
have been completed, the manaiger logs off and user 
terminal 108 returns to standard user terminal status 
(i.e.. ID is cleared from listing 304). 

With the ever increasing proliferation of information 
systems in home, school and work environments, it is 
often the case tiiat the responsibility of managing infor- 
mation access falls upon one or more individuals that 
are less than expert with respect to computer or infor- 
mation systems. Any of the above desaibed systems 
can be implemented in a manner that allows a non- 
expert manager to easily control the systems. For 
example, within the system of FIG. 3, processor 111 
can be programmed to provide users recognized as 
system managers with a HTML "rating header" prior to 
tiie lead page of each retrieved network resource. If a 
manager retrieved the AT&T 800 Directory network 
resource via public network 100, the returned informa- 
tion would be labeled by processor 11 1 to reflect a non- 
violent rating (see FIG. 4, note the "NV" designation that 
precedes the retrieved resource - -the AT&T 800 Direc- 
tory). The manager may review the reasoning behind 
the rating by clicking on the portion of the HTML rating 
page labeled "click here". This results In tiie retrieval 
from resource categorization information listing 300 of 
the rationale upon which the NV rating was based (see 
the page shown in FIG. 5). If the manager wished to dis- 
agree with the assigned rating upon retrieving the AT&T 
800 Directory resource, he or she would click on "If you 
disagree, dick here". This retrieves rating and rationale 
information from resource categorization information 
listing 300. and provides tiie manager witii a page that 
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facilitates editing of the rating (see FIG. 6). This page 
provides the nnanager with the current rating of the 
resource ("NV"), the main reason it was rated a such 
("zero violent content"), and an area for entering a more 
detailed reason (The resource consists of telephone 5 
listings ..."). Upon completing, or modifying this HTML 
page, the system manager would select "Send Mes- 
sage" and thereby transmit the page to relational data- 
base 302 for storage within listing 300. 

It will be understood that the particular system and 10 
method described above is only illustrative of the princi- 
ples of the present invention, and that various modifica- 
tions could be made by those skilled in the art without 
departing from the scope and spirit of the present inven- 
tion, which is limited only by the claims that follow. For is 
example, any one of the atx}ve described embodiments 
could be modified to accept requests from users/user 
terminals that are in a format other than a URL The 
relational database would merely have to be modified to 2. 
store sets of information indicative of the particular type 20 
of request format being employed, and associated with 
a particular user class. Yet another modification would 
involve the adaptation to a multi-manager environment. 
In such a environment, network resource ratings could 
be arrived at as a result of voting among a number of 2s 
system managers. For example, a number of managers 
could submit or alter a resource's rating, but the ultimate 
rating stored in the relation database would be an aver- 
aging of the submitted ratings, or whatever the niajority 
of the managers chose as the rating of the particular 30 
resource. The relational database utilized in systems 
facilitating the invention could also be configured so that 
information indicative of allowable resource access is 
arranged to conform to resources that are configured in 
a tree structure format (such as a hierarchical directory 35 
arrangement). Such a relational database would include 
a listing of directory and/or subdirectory identifiers that 
couki be labeled with a particular resource rating. The 
system couki be corrfigured so that resources located 
within a directory or subdirectory so labeled, would 40 
assume the rating of the overall directory/subdirectory. 
Alternatively, the system couki enploy a prioritized 3. 
directory/subdirectory rating system. In such a system, 
a directory would be assigned an overall rating such as 
"NV". Particular items or subdirectories witfiin this NV 45 
rated directory could then be labeled with specific rat- 
ings outside of "NV". such a "V". When a user accessed 4. 
the NV rated directory, all items within it would be 
assumed to have an NV rating, except those items or 
subdirectories labeled with some other, more specific so 
and different rating. 

5. 

Claims 

1 . A system for selectively restricting access to one or ss 
more otiierwise public information resources, com- 6. 
prising: 

a relational database containing a first 
stored listing that associates each of a plurality of 



resource identifiers with at least one resource rat- 
ing, and a second stored listing that associates 
each of a plurality of user identification codes with 
at least one user clearance rating; 

a processor adapted to receive a request for 
network access to one or more particular network 
resources. sakJ request including a resource identi- 
fier and a user kientification code, said processor 
being further adapted to query said first and second 
listings within sakl relational database, and execute 
said request for network access to sdid one or nriore 
particular network resources as a function of tiie 
resource rating shown to be associated with said 
received resource identifier witiiin sakl first listing, 
and the user clearance rating shown to be associ- 
ated witii said received user identification code 
within said second listing. 

A system for selectively restricting access to one or 
more othenwise public information resources, com- 
prising: 

a relational database containing a first 
stored listing that associates a plurality of resource 
identifiers with at least one resource rating, arxi a 
second stored listing that associates a plurality of 
user klentification codes with at least one user 
clearance rating: 

a processor adapted to receive a request for 
network access to one or more particular network 
resources, sakl request including a resource identi- 
fier and a user identification code, said processor 
being further adapted to query said first and second 
listings within said relational database, and execute 
said request for network access to said one or more 
particular network resources as a function of tiie 
resource rating shown to be asociated with said 
received resource identifier within sakl first listing, 
and tiie user clearance rating shown to be associ- 
ated witii said received user identification code 
witiiin said second listing. 

The system of daim 2 wherein said plurality of 
resource identifiers associated with at least one 
resource rating are arranged in a hierarchical direc- 
tory data sti-ucture. 

The system of daim 3 wherein said plurality of 
resource identifiers arranged in said hierarchical 
directory data structure are associated with more 
than one resource rating. 

The system of any of the preceding claims wherein 
at least one of sakl one or more particular network 
resources includes at least one in-line image. 

The system of any of the preceding claims wherein 
said processor is programmed to execute sakt 
request for access if said resource rating associ- 
ated with said received resource identifier within 
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said first listing, corresponds to at least one of said 
user clearance ratings associated with said 
received user identification code within said second 
listing. 

7. The system of any of claims 1 to 5 wherein said 
processor is programmed to deny execution of said 
request for access if said resource rating associ- 
ated with said received resource identifier within 
said first listing, con-esponds to at least one of said 
user clearance ratings associated with said 
received user identification code within said second 
listing. 

8. The system of any of the preceding dalms wherein 
said processor is contained within a network proxy 
server. 

9. The system of any of the preceding claims wherein 
each of said user identification codes identifies one 
or more terminals adapted for facilitating network 
access to one or more particular network 
resources. 

10. The system of any of claims 1 to 8 wherein each of 
said user identification codes identifies one or more 
individuats authorized to access one or more partic> 
ular network resources. 

1 1 . The system of any of the preceding claims wherein 
each of said resource identifiers corresponds to 
one or more uniform resource locators for access- 
ing one or more particular network resources. 

1 2. The system of any of the preceding daims wherein 
said relational database further includes a data list- 
ing associated with one or more of said plurality of 
resource identifiers, wherein said data listing repre- 
sents textual information related to the resource rat- 
ing shown to be assodated with said one or more of 
said plurality of resource identifiers within said first 
listing. 

13. The system of any of the preceding daims wherein 
said relational database further includes a condi- 
tional data listing assodated with one or more of 
said resource kientrfiers. wherein said conditional 
data listing represents information indicative of spe- 
cific conditions under which requests for network 
access to particular network resources assodated 
with said resource identifier can be executed, and 
wherein said processor is further adapted to exe- 
cute said request for network access to said one or 
more particular network resources as a function of 
said conditional data listing. 

14. The system of any of the preceding daims wherein 
said relational database further comprises a stored 
listing of at least one system manager identifier, 



and sakj processor is adapted to identify a user as 
a system manager on the basis of said system 
manager identifier listing, and thereby permit said 
kdentified system manager to nxxiify the contents 
5 said relational database. 

15. The system of claim 14 wherein said relational 
database further comprises a stored listing contain- 
ing at least one HTML page adapted to fadlitate the 

10 modification of the contents of saki relational data- 
base by laid identified system manager. 

16. A method for selectively restricting access to one or 
more otherwise public information resources, com- 

15 prising the Steps of : 

receiving a request for access to one or 
more particular information resources, wherein said 
request includes a user identification code and a 
resource identifier; 

20 connparing said received request for access 

to a relational datat)ase containing a stored listing 
of user identification codes and resource klentif iers, 
wherein each of said resource kientif iers is assod- 
ated with at least one resource rating, and wherein 

25 each of said user identification codes is asociated 
witii at least one user clearance rating; 

executing said request for access as a func- 
tion of the resource rating shown to be associated 
with said received resource kjentifier witiiin sakJ 

30 Stored listing, and the user clearance rating shown 
to be associated with said received user identifica- 
tion code within said stored listing. 

1 7. The method of daim 1 6 wherein at least one of said 
35 one or more particular network resources indudes 

at least one in-line image. 

18. The method of claim 16 or claim 17 wherein the 
execution of said request for access is performed if 

40 said stored listing shows said received user identifi- 
cation code to be associated with at least one user 
dearance corresponding to at least one resource 
rating shown to be associated with saki one or 
more particular network resources. 

4S 

19. The method of claim 16 or claim 17 wherein the 
execution of said request for access is denied if 
said stored listing shows sakJ received user identifi- 
cation code to be associated with at least one user 

so dearance corresponding to at least one resource 
rating shown to be associated with said one or 
more particular network resources. 

20. The method of any of claims 1 6 to 1 9 wherein each 
55 of said user identification codes kientif ies one or 

more terminals adapted for facilitating network 
access to one or more particular network 
resources. 
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21 . The method of any of claims 1 6 to 20 wherein each 
of said user identification codes identifies one or 
more individuals authorized to access one or more 
particular network resources. 

22. The method of any of claims 16 to 21 wherein each 
of said resource identifiers correspsonds to one or 
more uniform resource locators for accessing said 
one or more particular network resources. 



10 



23. The method of any of claims 16 to 22 further com- 
prising the step of providing a user with access to a 
data listing within said relational database, wherein 
said data listing is associated with one or more of 
said plurality of resource identifiers, and wherein is 
said data listing represents textual information 
related to the resource rating shown to be associ- 
ated with said one or more of saki plurality of 
resource identifiers within saki stored listing. 

20 

24. The method of any of the claims 16 to 23 wherein 
saki relational database further comprises a stored 
listing of at least one system manager identifier, 
and saki processor is adapted to identify a user as 

a system manager on the basis of said system 25 
manager kientifier listing, and thereby permit said 
klentif ied system manager to modify the contents 
saki relational database. 
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FIG. 4 



DOCUMENT TITLE: [ 
DOCUMENT URL [ 



NV 



TO SEE THE JUSTIFICATION GIVEN FOR THE EXISTING RATING. CUCK H^Rg. 
IF YOU DISAGREE. CUCK mi- 



800 DIRECTORY 



BROWSE BY CATEGORY 

a. b.e,d,S,l,g.h,i.ik.J.in. Q.S. B. 9.I>&i.!!.LI. 1.1.2 



BROWSE BY NAME 

9. b,c,d.e,i,g,h,J,j.k,J,in. n.0, e.g,r.s,j,u, V,!, 1,1,2.0. 1, ^ 
CUCK ON A LETTER TO START BROWSING. 



STRING SEARCH 



THE SEARCH IS CASE INSENSITIVE; BLANKS DENOTE "AND". 



PHONE NUMBER SEARCH 



BEGIN SEARCH! 



[ni»j«n]:ri 



WE KKOW IHAT TOUR UfE 5 BUST. EVERT WT. HUFS WHT WE CREAB IHE PRIinED 800 ORECTORT lEH rEARS AGO. ITS 
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FIG. 6 



DOCUMENT TfTLE: 



DOCUMENT URL [ 



PHASE INDICATE WHY YOU BEUEVE THE RATING SHOULD BE CHANGED ON HTTP://An.NET/DIR800 



SUGGESTED RATING: || NV 
MAIN REASON: || ZERO VIOLENT CONTENT « | 

FROM: ' 



r 



THE RESOURCE PROVIDES A USTING 
OF TOLL-FREE TEIIPHONE NUMBERS 
THAT MAY BE SEARCHED BY 
INDIVIDUAL USTING NAME OR 
GENERAL USTING CATEGORY. THERE 
ARE NO VIOLENT GRAPHICSAEXT 
WITHIN THE RESOURCE ITSELF. 
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